Protect your WordPress website from Hackers

Sukhwinder Singh December 4, 2018


Hey techies

‘Hacking’ is the word that haunts most of us, and we are always struggling to protect our systems against it. Attackers exploit security loopholes and vulnerabilities that are, more often than not, the result of our own carelessness. Let’s understand this with the example of a WordPress website.

Whenever we install WordPress, we tend to accept the default settings and go straight on to designing and development. Those defaults are exactly what automated attack tools assume, and that is what makes the site easy to hack. Therefore, we must make sure not to keep the default settings:

Let’s see the recommended WordPress installation process, step by step:

On the Setup Configuration page: the database name, database user and table prefix should all differ from the defaults (in particular, do not keep the default “wp_” table prefix) and contain only letters, digits and underscores. The database password should be at least 16 characters long, randomly generated, and mix letters and digits.

On the Website Information page: the admin username must not be “admin” (it is the first name every brute-force tool tries), the site title should be your own rather than the default, and the admin password should be at least 16 characters long, randomly generated, and mix letters and digits. The site title is cosmetic; the username and password are what actually matter.
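Here is an added example, not code from the original post, of generating those non-default values instead of typing them by hand, and of checking a planned setup for the defaults the two steps above warn against. The function names (gen_password, gen_prefix, check_setup) and the short lists of “common default” names are this example’s own assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): generate and check
# non-default values for the WordPress setup screens.

# gen_random LEN CHARSET: LEN characters drawn from /dev/urandom, limited to CHARSET.
gen_random() {
    LC_ALL=C tr -dc "$2" < /dev/urandom | head -c "$1"
}

# gen_password [LEN]: random alphanumeric password, 24 chars by default
# (above the 16-character minimum the post asks for). Retries in the rare
# case a draw contains no digit or no letter, so the result always mixes both.
gen_password() {
    len="${1:-24}"
    while :; do
        pw=$(gen_random "$len" 'A-Za-z0-9')
        case "$pw" in
            *[0-9]*) case "$pw" in *[A-Za-z]*) printf '%s' "$pw"; return 0 ;; esac ;;
        esac
    done
}

# gen_prefix: random table prefix such as "k3qz9x_" instead of the default "wp_".
# WordPress accepts only letters, digits and underscores in the prefix.
gen_prefix() {
    printf '%s_' "$(gen_random 6 'a-z0-9')"
}

# check_setup DB_USER PREFIX ADMIN_USER PASSWORD
# Returns 0 if no default is left in place and the password is at least 16
# characters mixing letters and digits; otherwise prints each problem and returns 1.
check_setup() {
    db_user="$1" prefix="$2" admin_user="$3" password="$4"
    ok=0
    [ "$prefix" != "wp_" ] || { echo "table prefix is still the default wp_"; ok=1; }
    # assumed list of database user names worth rejecting
    case "$db_user" in
        root|wordpress|wp) echo "database user '$db_user' is a common default"; ok=1 ;;
    esac
    case "$(printf '%s' "$admin_user" | tr 'A-Z' 'a-z')" in
        admin|administrator) echo "admin username '$admin_user' is the first guess of every brute-forcer"; ok=1 ;;
    esac
    [ ${#password} -ge 16 ] || { echo "password shorter than 16 characters"; ok=1; }
    case "$password" in
        *[0-9]*) ;;
        *) echo "password has no digit"; ok=1 ;;
    esac
    case "$password" in
        *[A-Za-z]*) ;;
        *) echo "password has no letter"; ok=1 ;;
    esac
    return $ok
}

# Usage (source the file, then):
#   gen_password; echo; gen_prefix; echo
#   check_setup blog_dbu8 "$(gen_prefix)" site_owner "$(gen_password)"
```

Paste the generated values into the setup page and store them in your password manager. One caveat: a random table prefix is only a speed bump against canned SQL-injection payloads that hard-code “wp_users”; anything that can run queries can list the table names, so the prefix is no substitute for keeping plugins patched.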

The next thing to take care of is the permissions of the website’s files and directories. Some developers give the entire site 777 permissions, which is dangerous: 777 lets every user and process on the server, not just the site owner, overwrite your code, and on shared hosting that is an open invitation to attackers. Make sure your permissions are appropriate, i.e. 755 for directories and 644 for files (the owner can write; everyone else can only read files and traverse directories). If your permissions are not as per these recommendations, change them immediately using the following commands:

Assuming your website root directory is “/var/www/html”:

find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;

If you want to tighten things further, you may make the “.htaccess”, “index.php” and “wp-config.php” files read-only using the following commands:

find /var/www/html -type f -name ".htaccess" -exec chmod 444 {} \;
find /var/www/html -type f -name "index.php" -exec chmod 444 {} \;
chmod 444 /var/www/html/wp-config.php

Note: after the above three commands these files cannot be written by anyone, including WordPress itself (the built-in theme/plugin editor will refuse to save, and the permalink settings page will ask you to update .htaccess by hand). If you need to change them, set the permissions back to 644 first. Keep in mind that read-only bits only protect against accidental or unprivileged writes: the file’s owner can always chmod it back, so an attacker who gains code execution as the owner is not stopped. For wp-config.php, which holds the database credentials and authentication salts, the WordPress hardening guide recommends 440 or 400 rather than 444, because 444 leaves the file readable by every account on the server.
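The following added example (not code from the post) wraps the permission work above into functions: one that audits a site tree for anything world-writable, one that reports a path’s mode bits, and one that applies the layout recommended above, with wp-config.php at 440 as the WordPress hardening guide suggests rather than 444. It assumes the PHP process runs as the file owner or as a member of the owner’s group, so that wp-config.php stays readable at 440; the function names are this example’s own.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a WordPress tree for
# world-writable entries and apply the recommended permissions.
# Assumes PHP runs as the file owner or in its group (needed for 440 on wp-config.php).

# find_world_writable DIR: print every file or directory under DIR that any
# local user can write to (777, 666, 757 ...). Empty output means none.
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -o+w
}

# mode_of PATH: octal permission bits, e.g. 644 (GNU stat, with BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# harden_perms DIR: the post's recommended layout, plus a tighter
# wp-config.php. Run as the file owner (or root).
harden_perms() {
    dir="$1"
    find "$dir" -type d -exec chmod 755 {} +      # dirs: owner rwx, others rx
    find "$dir" -type f -exec chmod 644 {} +      # files: owner rw, others r
    # entry points read-only; WordPress's file editor and .htaccess writer
    # will fail until these are set back to 644
    find "$dir" -type f \( -name .htaccess -o -name index.php \) -exec chmod 444 {} +
    # wp-config.php holds DB credentials and the auth salts: owner and group
    # read only, so other accounts on a shared host cannot read it
    if [ -f "$dir/wp-config.php" ]; then
        chmod 440 "$dir/wp-config.php"
    fi
}

# Usage (source the file, then):
#   find_world_writable /var/www/html     # audit first: any output is the 777 situation
#   harden_perms /var/www/html            # then fix
#   mode_of /var/www/html/wp-config.php   # expect 440
```

Run find_world_writable on a live site before changing anything; a non-empty listing is the 777 situation described above. Remember that permission bits only restrict other accounts: whoever owns the file, including a PHP process that runs as the owner and has been taken over through a vulnerable plugin, can chmod it back, so file ownership matters as much as the bits.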

If you are on a VPS or dedicated server and host several sites on it, file ownership becomes just as important as the permission bits. Give each site its own system user as owner, do not let the web server user own the site files, and keep wp-config.php unreadable to other accounts (440 or 400): with plain 755/644, every local account can still read every site’s wp-config.php, so one compromised site would hand over the database passwords of all the others.

You may also install a security plugin: iThemes Security (formerly Better WP Security) is one of the most preferred security plugins for WordPress and you may go ahead with it.

You may install it by following this link:

https://wordpress.org/plugins/better-wp-security/

Most developers do not configure email on the website at all and leave WordPress to send mail through the server’s local PHP mail() function, which is not recommended: mail injected straight from a web host is often rejected or filed as spam because it does not pass the receiving side’s SPF and DKIM checks. A good developer sends email through an authenticated SMTP account instead; it protects the reputation of the website’s domain.

For SMTP, you may use the plugin SMTP Mailing Queue by Dennis Hildenbrand; here is the link to download it: https://wordpress.org/plugins/smtp-mailing-queue/

Or you may use Post SMTP Mailer/Email Log by Jason Hendriks and Yehuda Hassine, from https://wordpress.org/plugins/tags/postman-smtp/

Thank you very much for taking the time to read my write-up!

Do share it with your friends if you find it useful.

Cheers!!!
